Channel: 熊猫正正's Blog
Browsing latest articles
Browse All 45 View Live

iOS Anti-Debugging Protections #1

Reposted from: https://www.coredump.gr/articles/ios-anti-debugging-protections-part-1/ Many iOS applications use anti-debugging techniques to prevent malicious users from using a debugger to analyze or modify their...

iOS Anti-Debugging Protections #2

Reposted from: https://coredump.gr/articles/ios-anti-debugging-protections-part-2/ In the previous part (iOS Anti-Debugging Protections: Part 1) we discussed ptrace and how it can be used to prevent a...

Download AppSync for iOS 9

So if you have made up your mind to get started with AppSync for iOS 9 installation on your jailbroken iPhone 6S, 6, 5S, 5, 4S, iPad Air, iPad Mini or iPod Touch, then follow some simple steps we have...

install snoop-it for ios

In order to install and run Snoop-it, please perform the following steps (please make sure that MobileSubstrate has been installed from Cydia): Add the Cydia repository repo.nesolabs.de and install the...

The LLDB Debugger

Link: http://lldb.llvm.org/lldb-gdb.html GDB TO LLDB COMMAND MAP. Below is a table of GDB commands with the LLDB counterparts. The built-in GDB-compatibility aliases in LLDB are also listed. The full lldb...

When dyld_decache fails on dyld_shared_cache_arm64, dsc_extractor saves our days

Link: http://iosre.com/t/when-dyld-decache-fails-on-dyld-shared-cache-arm64-dsc-extractor-saves-our-days/1974 As you may have already known, dyld_decache by kennyTM fails on arm64 caches. Since arm64...

Decrypting apps with dumpdecrypted

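Link: http://bbs.iosre.com/t/dumpdecrypted-app/22 *** Parts of the following are excerpted from the second edition of "iOS App Reverse Engineering" (《iOS应用逆向工程》), which was written for iOS 8 and should also work on iOS 7; please take note. *** In section 4.6.2 of "iOS App Reverse Engineering", we recommended using AppCrackr from the iPhoneCake source...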

AppMinder jailbreak detection analysis

Reposted from: http://www.codepwn.com/posts/appminder-jailbreak-detection-analysis/ Neso Lab's AppMinder project is another attempt at providing jailbreak detection for enterprise iOS applications (and perhaps...

IOS anti-debugging with ptrace

Reference links: http://bbs.iosre.com/t/hook-ida-sub-xxx/720 http://www.blogfshare.com/ioss-check-debug.html Sigh, come to think of it, this really is a pitfall, Cydia...

muymacho - exploiting DYLD_ROOT_PATH

Reposted from: http://luismiras.github.io/muymacho-exploiting_DYLD_ROOT_PATH/ muymacho is an exploit for a dyld bug present in Mac OS X 10.10.5 allowing local privilege escalation to root. It has been patched in El...

Commonly used iPhone URL schemes

http://wiki.akosma.com/IPhone_URL_Schemes

Here Are Six Ways to Find Your iPhone Serial Number

By Jim Tanous on August 24, 2015 at 1:52 AM, @mggjim. Whether you need to send your iPhone in to Apple for service, prep it for sale, or simply document it for inventory or insurance records, you’ll...

Removing ASLR from an iOS app (i.e. the PIE flag)

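Reposted from: http://blog.sina.com.cn/s/blog_45e2b66c0101cseh.html Method 1: reposted from: http://danqingdani.blog.163.com/blog/static/186094195201343081726861/ 碳基体 (has featured posts on Kanxue (看雪), and is apparently a girl? Worth following when you have time) once introduced, in "ASLR", address space layout...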

Fixing the openssl/aes.h file not found error on Mac OS X 10.11 El Capitan

Reposted from: http://blog.bbzhh.com/index.php/archives/108.html
Symptom: installing pyOpenSSL fails with the error: build/temp.macosx-10.10-x86_64-2.7/_openssl.c:400:10: fatal error: 'openssl/aes.h' file not found
Attempted fix: first brew install openssl...

Installing/uninstalling apps from code on iOS 8

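Reposted from: https://blog.0xbbc.com/2014/12/ios8%E4%B8%8B%E4%BB%A3%E7%A0%81%E5%AE%89%E8%A3%85%E5%8D%B8%E8%BD%BDapp/ Code for installing/uninstalling apps on iOS 8. It is from a long time ago, but I'll post it anyway, and I added comments while I was at it. #import <Foundation/Foundation.h> #import...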

Mobile Security Certificate Pinning

Reposted from: http://blog.dewhurstsecurity.com/2015/11/10/mobile-security-certificate-pining.html Certificate Pinning is an extra layer of security that is used by applications to ensure that the certificate...

Static and Dynamic Libraries

Linking Libraries: The act of linking libraries is a form of code dependency management. When any app is run, its executable code is loaded into memory. Additionally, any code libraries that it depends...

Some CocoaPods fixes for 10.11

(1) Change the CocoaPods gem source:
gem sources --remove https://rubygems.org/
gem sources -a http://ruby.taobao.org/ (change this to gem sources -a https://ruby.taobao.org/)
(2) Update the master repo:
pod repo remove master
pod repo add master...

iOS Reverse Engineering Part One: Configuring LLDB

Overview: This is the first part in a series where we will show you how to configure an environment and learn the basics for reverse engineering iOS applications. In this series we are using a jailbroken...

Capturing packets on iOS devices using the com.apple.pcapd service

iOS Packet Tracing. Technical Q&A QA1176 - Getting a Packet Trace: iOS 5 added a remote virtual interface (RVI) facility that lets you use OS X packet trace programs to capture traces from an iOS...

Kernel debugging with LLDB and VMware Fusion

Reposted from: http://ddeville.me/2015/08/kernel-debugging-with-lldb-and-vmware-fusion/ Being able to use LLDB to debug anything on my Mac has been the basis of my job for the last few years. Regardless of the...

Converting dmg to iso on Mac

Mac ships with a built-in tool that can do this; the command is as follows: hdiutil
hdiutil convert: convert an image into a different format
Usage: hdiutil convert -format <format> -o <outfile> <image>
Image Formats: UDRO -...

Defeating iOS Jailbreak detection for Mobile Application Testing

This blog is a cursory breakdown of defeating less advanced jailbreak detection code. There are several ways to employ jailbreak detection in a security-conscious mobile application. Many of the...

gevent 1.0.2 (and earlier) fails to build on OS X Yosemite #656

Problem: libev/ev.c:1029:42: error: '_Noreturn' keyword must precede function declarator  ecb_inline void ecb_unreachable (void) ecb_noreturn;
Solution: CFLAGS='-std=c99' pip install...

Xcode 7 Bitcode: workflow and security assessment

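Introduction: With the release of Xcode 7, Apple added a new feature to Xcode, Bitcode [1]. New features often mean new attack surface. This article first introduces what Bitcode is and the Bitcode-related workflow; once the workflow is familiar, it evaluates the Bitcode-related attack surface, and finally it describes the testing method for each attack surface and the test results so far. What is Bitcode: Simply put, Bitcode is LLVM-IR...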

iOS Trojan “TinyV” Attacks Jailbroken Devices

Reposted from: http://researchcenter.paloaltonetworks.com/2015/12/ios-trojan-tinyv-attacks-jailbroken-devices/ In October 2015, we discovered a malicious payload file targeting Apple iOS devices. After...

OSX kernel source code and tools

Website link: http://newosxbook.com/index.php

11208elppA

Link: http://newosxbook.com/articles/11208ellpA.html?n Jonathan Levin, http://www.newosxbook.com/ (@Technologeeks) - 04/08/15. The 2nd Edition of MOXiI delves deep into a realm I totally ignored in the 1st...

DYLD Detailed

Link: http://newosxbook.com/articles/DYLD.html Jonathan Levin, http://newosxbook.com/ - 8/12/13. 1. About: While maintaining and adding more functionality to JTool, I found myself deeply bogged down in...

launchd, I'm coming for you

Force open sourcing launchd and libxpc, one binary at a time. Jonathan Levin, @Technologeeks, http://newosxbook.com/ - 10/07/15. Changelog: 11/09/15 - Added commpage for ARM64, "dumpjpcategory" command and...

Kext signing for Mac Yosemite

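Reposted from: https://macwish.com/kext-signing-for-mac-yosemite/ 22 JANUARY 2015 on mac, kext. After my speakers broke, the TT 6Fire sound card I had on hand went unused. Over the past couple of days I set out to dust it off and found that it no longer works. Wow ... The reason is that, without my noticing, the system had long since been upgraded to Mac 10.10 Yosemite (the earlier Custom driver...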

IOS in-app purchases explained in detail

IOS in-app purchases explained in detail, link: http://mobile.51cto.com/iphone-410162.htm

Mac exploit collection websites

Mac...

IOS 9 By Tutorials

IOS 9 Tutorials, links: http://chengway.in/ios-9-by-tutorials-bi-ji/ http://www.appcoda.com/ios-programming-course/

Android.malware.worm analysis report

Android.malware.worm analysis report. pandazheng. 1. Source of the analyzed sample: The sample comes from a foreign report, link: http://www.welivesecurity.com/2014/04/30/android-sms-malware-catches-unwary-users/...

Collection of study materials on OSX/IOS system vulnerabilities

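Collection of study materials on OSX/IOS system vulnerabilities. pandazheng. As OSX/IOS systems become ever more widespread, I believe OSX/IOS security will attract more and more attention in the future. Having some time today, I have summarized some of the materials I studied on OSX/IOS system vulnerabilities, for my own convenience and so that others interested in this area can research and learn together. The road ahead is long and far; I shall search high and low!...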

CVE-2015-6974 analysis and PoC

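0x00 Overview: First, let's look at Apple's official description. I found this bug in August this year, but did not report it to Apple at the time. Then I went off to have fun, assumed it had been fixed in iOS 9.0 and that someone else had reported it, so I did not report it, and did not even verify it. Recently, with some free time, I emailed Apple to find out the CVE number; Apple said it was CVE-2015-6974, and only then did I learn that it was not fixed until 9.1. 0x01...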

Install upx on Mac OSX

About the App
App name: upx
App description: Compress/expand executable files
App website: http://upx.sourceforge.net
Install the App
Press Command+Space and type Terminal and press enter/return key.
Run in...

Install libsodium on Mac OSX

About the App
App name: libsodium
App description: NaCl networking and cryptography library
App website: https://github.com/jedisct1/libsodium/
Install the App
Press Command+Space and type Terminal and...

Step by step: using debugserver + lldb instead of gdb for dynamic debugging

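Reposted from: http://bbs.iosre.com/t/debugserver-lldb-gdb/65 *** Parts of the following are excerpted from the second edition of "iOS App Reverse Engineering" (《iOS应用逆向工程》), which was written for iOS 8 and should also work on iOS 7; please take note. ...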
